Agent Dispatch

Security checks across malware telemetry and agentic risk

Overview

This skill is a useful dispatcher, but it can silently fetch third-party agent instructions from GitHub, store them, and use them to steer future agent sessions.

Install only if you trust the remote VoltAgent agent repository and are comfortable with fetched agent instructions influencing delegated sessions. Prefer reviewing downloaded files, clearing the cache periodically, and using the skill only when you explicitly want subagent dispatch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description says it should be consulted before a very broad range of engineering tasks, which can cause it to intercept many ordinary requests and steer execution into its own dispatch flow. In context, that broad trigger increases attack surface because it may cause frequent routing to remotely sourced subagents even when unnecessary, amplifying exposure to unsafe downstream instructions.

Vague Triggers

Medium
Confidence: 95%
Finding
The instruction to dispatch whenever a task is 'specialized' is ambiguous and leaves substantial room for interpretation by the agent. That ambiguity is risky here because the same procedure can trigger local file access, network download, caching, and prompt forwarding to a subagent without a strong boundary on when those actions are justified.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill directs the agent to download remote files from GitHub and cache them locally, but it does not require prior user notification or consent for the network access and filesystem write. In this context, the danger is elevated because the downloaded content is then read and used as prompt material for further task execution, creating a supply-chain and transparency risk.

VirusTotal

66/66 vendors flagged this skill as clean.
